Russian hacking group Duke resurfaces ahead of 2020 US Presidential Elections. MiniDuke targeted victims into clicking a malicious link and then use three other new families of malware named PolyglotDuke, RegDuke and FatDuke

Cyber security researchers are apprehensive that a Russian cyber espionage operation behind the hacking incident into Democratic National Committee in the run-up to the 2016 US Presidential election that remained docile till now has woken up with a series of attacks against government departments across Europe with the next US presidential race a year away.

The group known as Cozy Bear or APT29 is long believed to be an associated offspring of the Russian intelligence service and, alongside Russian military hacking group Fancy Bear, was involved in many high profile attacks between 2014 and 2017 team of cyber security analysts at ESET have come out with details of the group’s renewed activities under a new campaign nick-named Operation Ghost. Referred as Dukes, they are active in attacks using the four new families of malware. MiniDuke targeted at three ministries of foreign affairs in Europe and an embassy of a European Union country in Washington DC. It is learnt that the group is active during the Russian daytime.

Russian hacking group Duke resurfaces ahead of 2020 US Presidential Elections
Cybersecurity Pixabay
Russian hacking group Duke resurfaces ahead of 2020 US Presidential Elections

They first attack with targeted spear-phishing emails designed to lure victims into clicking a malicious link or downloading malware via an attachment use three other new families of malware named PolyglotDuke, RegDuke and FatDuke.

PolyglotDuke uses Twitter, Reddit, Imgur and other websites to link to their command and control (C&C) infrastructure, to avoid storing information in the malware and evade being detected. RegDuke contains the main payload and stores it on the Windows registry while also applying stenography to stay hidden. The third FatDuke, is a sophisticated backdoor with the ability to steal login credentials and other private data. ESET researchers have discovered an operation dubbed “Ghost,” which started much earlier, in 2013, and is still ongoing. Here’s a table compiled by ESET about their attacks over a period of time:

Russian hacking group Duke resurfaces ahead of 2020 US Presidential Elections
Malware attacks table ESET

For more Technology Articles: https://www.dazzlepop.net/site/category/technology/

Read more: https://www.ibtimes.sg/russian-hacking-group-awake-ahead-2020-us-presidential-elections-33355